Reply
New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

2 VLANs on WAN - Internet and IPTV - USG PRO

Hi there.

I've searched the forum and haven't found the exact solution yet. Many good ones but not quite the ones I've managed to implement.

So here is my setup:

Network.png

I have the fiber coming into the SFP port on USG Pro. I want to be able to get the internet from that and bridge the IPTV traffic through also.

I've seen the suggestion of using the switch to take in the internet, which means that I would basically move the SFP module over to the switch, and split the VLAN's there.

I don't like that idea, I want to be able to have the USG PRO as the first contact, sort of speak, and work from there.

So, I think I've found part of the solution but it requires making a config.gateway.json file. Which is OK as long as I do it right. My question is, how little should I put in that file? I've seen people talk about not putting all of the config so if I want to add vif to interface, do I need to put all of the code regarding that interface in the file or just the extra part?

 ethernet eth2 {
duplex auto
speed auto
vif 106 { address dhcp dhcp-options { client-option "retry 60;" default-route update default-route-distance 1 name-server update } firewall { in { name WAN_IN } local { name WAN_LOCAL } out { name WAN_OUT } } } vif 701 { address dhcp dhcp-options { default-route no-update default-route-distance 210 name-server no-update } firewall { in { name IPTV_IN } local { name IPTV_LOCAL } } } }

Should all of this be in the file or just the vif 701 part?

    ethernet eth2 {
        duplex auto
        speed auto
        vif 701 {
            address dhcp
            dhcp-options {
                default-route no-update
                default-route-distance 210
                name-server no-update
            }
            firewall {
                in {
                    name IPTV_IN
                }
                local {
                    name IPTV_LOCAL
                }
            }
        }
        
    }

And, what would be the next step to bridge the traffic through the gateway?

I guess I need to make these firewall rules, IPTV_IN and local? Or if I bridge, it would not go through the firewall?

 

I guess I need these also?

protocols {
    igmp-proxy {
        interface eth2.701 {
            alt-subnet 0.0.0.0/0
            role upstream
            threshold 1
        }
        interface eth0 {
            alt-subnet 0.0.0.0/0
            role downstream
            threshold 1
        }
    }
}

Is there a way to bridge VLAN 701 through the USG PRO? So that traffic just goes through, tagged? I will then untag it in the switchport or on the the UAP AC inwall.

This is closest to the solution I've seen but here they suggest using the switch as the first contact.

Having all UniFi based system is great. It is a disadvantage not being able to do all of these settings in GUI or at least have a good walkthrough to do it in CLI. I don't mind working in CLI, if there is a way to do it there. Man Happy

New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

So...I ended up doing what had been suggested in another thread, that is to take the fiber optic cable in to the switch and split up the VLANs there. 

I made 2 VLAN only networks, 106 and 701 and then had one port in the switch with only VLAN 106 and connected that to WAN1 on the USG Pro. 

This works well but there is one thing bothering me. The SFP port which has the fiber connected to it, has all the VLANs on it. I miss the option of being able to select which VLAN is on each port and select if is tagged or not. Because of this, I see a lot of users in the user section of UniFi software. Because of how clever the software is it sees everything that is connected to the SFP port apparently.

Is there a way to only have 2 of the VLANs on the SFP port and both tagged?

New Member
Posts: 4
Registered: ‎11-16-2016

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

Hi Mate,

 

 

Just a quick question are you running your IPTV as a Mulicast stream?

 

If so how do you find the switches perform? I've delt with IPTV alot in the past and the biggest problem has been Multicast "Bleeding" lots of (and i mean almost every) low cost switches have the issue (think every switch except Allied Telesys, Cisco and the other high end players)  Problem usually starts when you are mulitcasting 3-5 channels + ...

 

if its all unicast im still interested in your results so far... 

New Member
Posts: 15
Registered: ‎07-28-2017
Kudos: 14

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

Hi, maybe this post is helpfull regarding your VLAN tagging for the SFP port: https://community.ubnt.com/t5/UniFi-Routing-Switching/Home-setup-T-Mobile-Thuis-fiber/m-p/2008849

New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

At the moment it's only 1 or 2 IPTV recievers/descramblers so no problem right now.
New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

Found out how to only have two networks on the port. This thread https://community.ubnt.com/t5/UniFi-Routing-Switching/Home-setup-T-Mobile-Thuis-fiber/m-p/2008849 showed me how.
Made a network group with only IPTV and Internet and both tagged. Then changed the port to that group. Did that on a live system over the cloud connection, pretty cool I think, and everything worked great!
New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

This was actually a great post and I used it to make a network group for the port.
Still want to figure out how to bridge IPTV through the USG Pro.
New Member
Posts: 30
Registered: ‎10-16-2013
Kudos: 6
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

So, I've got this working but not as I want. I have the fiber coming into the switch where I split up the VLANs and send the internet to the USG Pro and the IPTV floats where it is supposed to. The problem is that the switch "sees" everything that is connected to it so I'm seeing a lot of users that are on the ISP network. I want to be able to connect the fiber to the USG and work from there. But I can only make one network for the WAN1 port. I think the easiest way would be if we could make a network (switch port) group and have the WAN connections in that group. In the current firmware it is not possible to assign the WAN network to a group. If that would be possible and we could assign that group to the WAN port then everything should work.... 

So, Ubiquiti, are you going to solve this for us? It's possible on many other routers, so why not on UniFi? I love UniFi and I promote that everywhere but this is a drawback, I have to admit.

New Member
Posts: 10
Registered: ‎09-11-2014
Kudos: 2
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

I’m preparing for a similar project and I was hoping to use the two LAN ports for this, where each LAN port would be untagged and one would be internet only, and the other would be IPTV only. Is that not an option?

 

I 100% agree with the idea that the USG should be the connection to the outside world and not the switch.. 

New Member
Posts: 28
Registered: ‎05-02-2018
Kudos: 5

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

Is it something like option 2 in this thread you want to do?

 

New Member
Posts: 38
Registered: ‎12-14-2018
Kudos: 7
Solutions: 1

Re: 2 VLANs on WAN - Internet and IPTV - USG PRO

How about tagging VLAN 106 on WAN1 and VLAN701 on WAN2 and then hooking both to dumb VLAN aware switch with the CPE?

Reply